mirror of
https://github.com/morgan9e/systemd
synced 2026-04-14 00:14:32 +09:00
fb514c2f8f
Instead of including distribution specific files in the subimages, let's have one common mkosi.pkgenv/ directory that handles all the matching which is then included in the subimages. This gives us more control on exactly how we do the matching.
160 lines
3.6 KiB
Plaintext
160 lines
3.6 KiB
Plaintext
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
|
|
[Config]
|
|
MinimumVersion=commit:10544812b35a668d4aac9834c78ee8166e99bc78
|
|
Dependencies=
|
|
exitrd
|
|
initrd
|
|
minimal-base
|
|
minimal-0
|
|
minimal-1
|
|
|
|
PassEnvironment=
|
|
NO_SYNC
|
|
NO_BUILD
|
|
WIPE
|
|
SANITIZERS
|
|
CC
|
|
CXX
|
|
CFLAGS
|
|
CPPFLAGS
|
|
CXXFLAGS
|
|
LDFLAGS
|
|
LLVM
|
|
MESON_VERBOSE
|
|
MESON_OPTIONS
|
|
SYSEXT
|
|
WITH_DEBUG
|
|
ASAN_OPTIONS
|
|
COVERAGE
|
|
VCS_TAG
|
|
|
|
[Output]
|
|
RepartDirectories=mkosi.repart
|
|
OutputDirectory=../build/mkosi.output
|
|
|
|
[Build]
|
|
History=yes
|
|
ToolsTree=default
|
|
BuildDirectory=../build/mkosi.builddir
|
|
CacheDirectory=../build/mkosi.cache
|
|
Incremental=yes
|
|
WithTests=no
|
|
|
|
[Validation]
|
|
SignExpectedPcr=yes
|
|
SecureBoot=yes
|
|
SecureBootAutoEnroll=yes
|
|
|
|
[Content]
|
|
ExtraTrees=
|
|
mkosi.extra.common
|
|
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
|
|
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
|
|
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
|
|
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
|
|
%O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
|
|
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
|
|
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
|
|
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
|
|
%O/exitrd:/exitrd
|
|
|
|
Initrds=%O/initrd
|
|
KernelInitrdModules=default
|
|
|
|
# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time
|
|
# and results in lots of errors when building images as a regular user.
|
|
SELinuxRelabel=no
|
|
|
|
# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
|
|
# various scenarios. Consider adding support for a credential instead if possible and using that.
|
|
KernelCommandLine=
|
|
systemd.crash_shell
|
|
systemd.log_level=debug,console:info
|
|
systemd.log_ratelimit_kmsg=0
|
|
# Disable the kernel's ratelimiting on userspace logging to kmsg.
|
|
printk.devkmsg=on
|
|
# Make sure /sysroot is mounted rw in the initrd.
|
|
rw
|
|
# Make sure no LSMs are enabled by default.
|
|
selinux=0
|
|
systemd.early_core_pattern=/core
|
|
systemd.firstboot=no
|
|
raid=noautodetect
|
|
oops=panic
|
|
panic=-1
|
|
softlockup_panic=1
|
|
panic_on_warn=1
|
|
psi=1
|
|
mitigations=off
|
|
|
|
Packages=
|
|
acl
|
|
attr
|
|
bash-completion
|
|
binutils
|
|
coreutils
|
|
curl
|
|
diffutils
|
|
dnsmasq
|
|
dosfstools
|
|
e2fsprogs
|
|
findutils
|
|
gdb
|
|
grep
|
|
gzip
|
|
jq
|
|
kbd
|
|
kexec-tools
|
|
kmod
|
|
less
|
|
llvm
|
|
lsof
|
|
lvm2
|
|
mdadm
|
|
mtools
|
|
nano
|
|
nftables
|
|
nvme-cli
|
|
opensc
|
|
openssl
|
|
p11-kit
|
|
pciutils
|
|
python3
|
|
radvd
|
|
rsync
|
|
sed
|
|
socat
|
|
strace
|
|
tar
|
|
tmux
|
|
tree
|
|
util-linux
|
|
valgrind
|
|
which
|
|
wireguard-tools
|
|
xfsprogs
|
|
zsh
|
|
zstd
|
|
|
|
[Runtime]
|
|
Credentials=
|
|
journal.storage=persistent
|
|
tty.serial.hvc0.agetty.autologin=root
|
|
tty.serial.hvc0.login.noauth=yes
|
|
tty.console.agetty.autologin=root
|
|
tty.console.login.noauth=yes
|
|
tty.virtual.tty1.agetty.autologin=root
|
|
tty.virtual.tty1.login.noauth=yes
|
|
RuntimeBuildSources=yes
|
|
RuntimeScratch=no
|
|
CPUs=2
|
|
TPM=yes
|
|
VSock=yes
|
|
KVM=yes
|
|
|
|
[Include]
|
|
Include=%D/mkosi/mkosi.sanitizers
|
|
%D/mkosi/mkosi.coverage
|
|
%D/mkosi/mkosi.pkgenv
|